Bug 167609 – patch to fix esound/gstreamer ESPEAKER interaction bug

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 167609 - patch to fix esound/gstreamer ESPEAKER interaction bug


Summary:	patch to fix esound/gstreamer ESPEAKER interaction bug


Status:	RESOLVED FIXED

Product:	esound
Classification:	Deprecated
Component:	general
Version:	unspecified
Hardware:	Other Linux

Importance:	High normal
Target Milestone:	---
Assigned To:	Esound Maintainers
QA Contact:	Esound Maintainers

URL:
Whiteboard:

Duplicates:	156806 169627 (view as bug list)
Depends on:
Blocks:

Reported:	2005-02-16 15:53 UTC by Jeff Waugh
Modified:	2007-01-05 09:46 UTC

See Also:
GNOME target:	---
GNOME version:	---

Attachments
patch to stop changing host variable (487 bytes, patch) 2005-02-16 15:54 UTC, Jeff Waugh	needs-work	Details \| Review
fixed up maybe (768 bytes, patch) 2005-02-16 16:17 UTC, Jeff Waugh	needs-work	Details \| Review
more anal retentiveness (882 bytes, patch) 2005-02-16 18:00 UTC, Jeff Waugh	none	Details \| Review
this time for sure! (1.05 KB, patch) 2005-02-16 18:20 UTC, Jeff Waugh	none	Details \| Review
are we there yet? (1.06 KB, patch) 2005-02-16 18:25 UTC, Jeff Waugh	none	Details \| Review
cleanliness c/o pbor (1.06 KB, patch) 2005-02-16 18:31 UTC, Jeff Waugh	none	Details \| Review
Alternate fix (1.09 KB, patch) 2005-02-17 03:32 UTC, Jan Schmidt	none	Details \| Review

Description Jeff Waugh 2005-02-16 15:53:28 UTC

esdlib changes the value of host in esd_open_sound, which causes some problems
further up the stack with gstreamer when trying to make it use ESPEAKER. without
this patch, gstreamer-based applications won't work correctly for common thin
client setups.

Comment 1 Jeff Waugh 2005-02-16 15:54:33 UTC

Created attachment 37543 [details] [review]
patch to stop changing host variable

Comment 2 Frederic Crozat 2005-02-16 16:02:27 UTC

Comment on attachment 37543 [details] [review]
patch to stop changing host variable

thanks for all irc dudes :

it is leaking host and might crash if passed NULL

Comment 3 Jeff Waugh 2005-02-16 16:17:42 UTC

Created attachment 37544 [details] [review]
fixed up maybe

Comment 4 James Henstridge 2005-02-16 16:27:08 UTC

Comment on attachment 37544 [details] [review]
fixed up maybe

>-    if ( !host ) host = getenv("ESPEAKER");
>+    if ( rhost ) {
>+        host = strdup(rhost);
>+    } else {
>+        host = strdup(getenv("ESPEAKER"));
>+    }
This looks like it will crash if ESPEAKER is not set and rhost == NULL (since
getenv will return NULL).

>+    free (host);
>+
It looks like there is a case where this free() will cause a crash too:

    char display_host[ 256 ];
    ...
	    len = min( len, 256 ); 
	    strncpy( display_host, display, len );
	    display_host[ len ] = '\0';
	    host = display_host;

In this case, host will point at a stack allocated character array, and freeing
something on the stack will cause heap corruption.

Comment 5 Jeff Waugh 2005-02-16 18:00:39 UTC

Created attachment 37556 [details] [review]
more anal retentiveness

Comment 6 James Henstridge 2005-02-16 18:05:36 UTC

Comment on attachment 37556 [details] [review]
more anal retentiveness

>-    if ( !host ) host = getenv("ESPEAKER");
>+    if ( rhost ) {
>+        host = strdup(rhost);
>+    } else if ( getenv("ESPEAKER") ) {
>+        host = strdup(getenv("ESPEAKER"));
>+    }
How about writing this bit like below?
    if (!host) host = getenv("ESPEAKER");
    if (host) host = strdup(host);

(don't worry about renaming the function parameter to rhost -- that change
shouldn't make any difference)

>-	    host = display_host;
>+	    host = strdup(display_host);

That should fix the problem I mentioned earlier

However, this iteration of the patch seems to be missing the free(host) bit ...

Comment 7 Jeff Waugh 2005-02-16 18:20:13 UTC

Created attachment 37557 [details] [review]
this time for sure!

Comment 8 Jeff Waugh 2005-02-16 18:25:19 UTC

Created attachment 37559 [details] [review]
are we there yet?

Comment 9 Jeff Waugh 2005-02-16 18:31:09 UTC

Created attachment 37560 [details] [review]
cleanliness c/o pbor

Comment 10 Jeff Waugh 2005-02-17 02:29:04 UTC

*** Bug 156806 has been marked as a duplicate of this bug. ***

Comment 11 Jan Schmidt 2005-02-17 03:32:31 UTC

Created attachment 37582 [details] [review]
Alternate fix

Attaching an alternate patch that fixes the problem inside esd_connect_tcpip
where it lives.

Comment 12 David Schleef 2005-05-25 23:47:27 UTC

*** Bug 169627 has been marked as a duplicate of this bug. ***

Comment 13 David Schleef 2005-05-26 00:31:57 UTC

Good grief.  Doesn't anyone bother to change the algorithm so it doesn't modify
the string in-place?  Modifying passed strings is so... unnatural.  It's like
you people _don't even care_ about code quality of esound.

OK, I didn't bother to do it either.  :)

Applied Jan's patch, additionally making sure the correct string is freed after
++host.

Comment 14 Tim-Philipp Müller 2006-07-17 09:23:43 UTC

> Applied Jan's patch, additionally making sure the correct string is freed after
> ++host.

So can this bug be closed then?

Comment 15 Kjartan Maraas 2007-01-05 09:46:36 UTC

Don't see why not.